SEV: Failed to query the attestation report length ret=-22 fw_err=0 ()

Alexander Lindner Thu, 22 Sep 2022 06:26:37 -0700

Hello everyone,

I'm trying to attest my SEV VM, but it fails. I started the VM with thissnippet:


      <launchSecurity type="sev">
        <cbitpos>47</cbitpos>
        <reducedPhysBits>1</reducedPhysBits>
        <policy>0x0003</policy>
      </launchSecurity>


When I try to utilize qmp, it fails with a generic message:

   echo '{ "execute": "qmp_capabilities"
   
}\n{"execute":"query-sev-attestation-report","arguments":{"mnonce":"ZBaOEOsVmenc5q34VJb9jw=="}}'
   | socat - tcp:192.168.123.1:4444 | tail -1 | jq
   {
   "error": {
   "class": "GenericError",
   "desc": "SEV: Failed to query the attestation report length ret=-22
   fw_err=0 ()"
     }
   }

No syslog or similar logs are written. Can someone give me a hint whatwent wrong?


Some other information:

   echo '{ "execute": "qmp_capabilities" }\n{ "execute": "query-sev" }'
   | socat - tcp:192.168.123.1:4444 | tail -1 | jq
   {
   "return": {
   "enabled": true,
   "api-minor": 22,
   "handle": 1,
   "state": "running",
   "api-major": 0,
   "build-id": 11,
   "policy": 3
     }
   }

Inside the host:

   dmesg | grep SEV
   [    0.160174] AMD Secure Encrypted Virtualization (SEV) active


Regards
Alex

SEV: Failed to query the attestation report length ret=-22 fw_err=0 ()

Reply via email to